Effective monitoring is essential for the security of cloud systems. Although many monitoring tools exist in the cloud domain, there is little guidance on how to deploy monitors to make the most of collected monitor data and increase the likelihood of detecting breaches of security. We introduce an actor-centric, asset-based monitor deployment model for the cloud that enables practitioners to reason about monitor deployment in terms of the security of the cloud assets that they own. We define an actor model that consolidates several roles in the literature to three roles that are motivated by security. We then develop an architectural model that identifies the assets that can be owned by each of those actors, and use it to drive an asset-based cloud threat model. Using our threat model, we claim that a cloud practitioner can reason about monitor deployment to more efficiently deploy monitors and increase its chances of detecting intrusions. We demonstrate the utility of our model with a cloud scenario based on Netflix’s use of Amazon Web Services.

Issue Date:

2014-07

Publisher:

Coordinated Science Laboratory. University of Illinois at Urbana-Champaign.